Trait soup::prelude::AuthDomainExt
source · pub trait AuthDomainExt: IsA<AuthDomain> + Sealed + 'static {
// Provided methods
fn accepts(&self, msg: &ServerMessage) -> Option<GString> { ... }
fn add_path(&self, path: &str) { ... }
fn challenge(&self, msg: &ServerMessage) { ... }
fn check_password(
&self,
msg: &ServerMessage,
username: &str,
password: &str
) -> bool { ... }
fn covers(&self, msg: &ServerMessage) -> bool { ... }
fn realm(&self) -> Option<GString> { ... }
fn remove_path(&self, path: &str) { ... }
fn set_filter<P: Fn(&AuthDomain, &ServerMessage) -> bool + 'static>(
&self,
filter: P
) { ... }
fn set_generic_auth_callback<P: Fn(&AuthDomain, &ServerMessage, &str) -> bool + 'static>(
&self,
auth_callback: P
) { ... }
fn is_proxy(&self) -> bool { ... }
fn connect_filter_data_notify<F: Fn(&Self) + 'static>(
&self,
f: F
) -> SignalHandlerId { ... }
fn connect_generic_auth_data_notify<F: Fn(&Self) + 'static>(
&self,
f: F
) -> SignalHandlerId { ... }
}
Expand description
Trait containing all AuthDomain
methods.
§Implementors
Provided Methods§
sourcefn accepts(&self, msg: &ServerMessage) -> Option<GString>
fn accepts(&self, msg: &ServerMessage) -> Option<GString>
Checks if @msg contains appropriate authorization for @self to accept it.
Mirroring covers()
, this does not check whether or not
@self cares if @msg is authorized.
This is used by Server
internally and is probably of no use to
anyone else.
§msg
a #SoupServerMessage
§Returns
the username that @msg has authenticated
as, if in fact it has authenticated. None
otherwise.
sourcefn add_path(&self, path: &str)
fn add_path(&self, path: &str)
Adds @path to @self.
Requests under @path on @self’s server will require authentication (unless
overridden by remove_path()
or
set_filter()
).
§path
the path to add to @self
sourcefn challenge(&self, msg: &ServerMessage)
fn challenge(&self, msg: &ServerMessage)
sourcefn check_password(
&self,
msg: &ServerMessage,
username: &str,
password: &str
) -> bool
fn check_password( &self, msg: &ServerMessage, username: &str, password: &str ) -> bool
sourcefn covers(&self, msg: &ServerMessage) -> bool
fn covers(&self, msg: &ServerMessage) -> bool
Checks if @self requires @msg to be authenticated (according to its paths and filter function).
This does not actually look at whether @msg is authenticated, merely whether or not it needs to be.
This is used by Server
internally and is probably of no use to
anyone else.
§msg
a #SoupServerMessage
§Returns
true
if @self requires @msg to be authenticated
sourcefn remove_path(&self, path: &str)
fn remove_path(&self, path: &str)
Removes @path from @self.
Requests under @path on @self’s server will NOT require authentication.
This is not simply an undo-er for add_path()
; it
can be used to “carve out” a subtree that does not require
authentication inside a hierarchy that does. Note also that unlike
with add_path()
, this cannot be overridden by
adding a filter, as filters can only bypass authentication that
would otherwise be required, not require it where it would
otherwise be unnecessary.
§path
the path to remove from @self
sourcefn set_filter<P: Fn(&AuthDomain, &ServerMessage) -> bool + 'static>(
&self,
filter: P
)
fn set_filter<P: Fn(&AuthDomain, &ServerMessage) -> bool + 'static>( &self, filter: P )
Adds @filter as an authentication filter to @self.
The filter gets a chance to bypass authentication for certain requests that would otherwise require it. Eg, it might check the message’s path in some way that is too complicated to do via the other methods, or it might check the message’s method, and allow GETs but not PUTs.
The filter function returns true
if the request should still
require authentication, or false
if authentication is unnecessary
for this request.
To help prevent security holes, your filter should return true
by
default, and only return false
under specifically-tested
circumstances, rather than the other way around. Eg, in the example
above, where you want to authenticate PUTs but not GETs, you should
check if the method is GET and return false
in that case, and then
return true
for all other methods (rather than returning true
for
PUT and false
for all other methods). This way if it turned out
(now or later) that some paths supported additional methods besides
GET and PUT, those methods would default to being NOT allowed for
unauthenticated users.
You can also set the filter by setting the SoupAuthDomain:filter
and filter-data
properties], which can also be
used to set the filter at construct time.
§filter
the auth filter for @self
§filter_data
data to pass to @filter
sourcefn set_generic_auth_callback<P: Fn(&AuthDomain, &ServerMessage, &str) -> bool + 'static>(
&self,
auth_callback: P
)
fn set_generic_auth_callback<P: Fn(&AuthDomain, &ServerMessage, &str) -> bool + 'static>( &self, auth_callback: P )
Sets @auth_callback as an authentication-handling callback for @self.
Whenever a request comes in to @self which cannot be authenticated via a
domain-specific auth callback (eg, callback::AuthDomainDigestAuthCallback), the generic auth callback will be invoked. See
callback::AuthDomainGenericAuthCallback for information on what the callback
should do.
§auth_callback
the auth callback
§auth_data
data to pass to @auth_callback